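def test_invalid_time_format(tmpdir):
    """A malformed ``occurred`` timestamp must surface as ``ValueError``.

    The timestamp below uses a slash-separated date. Report files are parsed
    input, so a bad timestamp should be rejected loudly rather than silently
    producing a wrong base time for every event derived from it.
    """
    data = {"alert": [{"occurred": "2018/03/31 13:40:01 +0000", "foo": []}]}
    f = make_tmp_file(data=data, tmpdir=tmpdir)

    # Construction and the attribute read both stay inside the context
    # manager: this test does not show which of the two raises.
    # The earlier `assert 1522503601 == ...` wrapper is dropped because its
    # comparison can never run on the passing path (the exception fires
    # first), and it wrongly suggested that an expected value was checked.
    with pytest.raises(ValueError):
        _ = FireEyeAXReport(f).base_timestamp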
def test_get_metadata(tmpdir):
    """``metadata()`` flattens the first alert and the appliance name.

    The expected mapping pins which report fields are surfaced: appliance as
    ``hostname``, ``occurred`` as ``analyzed_on``, the detected malware name
    as ``alert``, plus ``severity`` and ``alertUrl``.
    """
    alert_entry = {
        "explanation": {"malwareDetected": {"malware": [{"name": "Stuxnet"}]}},
        "src": {},
        "alertUrl": "https://foo",
        "action": "notified",
        "occurred": "2018-03-31 13:40:01 +0000",
        "dst": {},
        "id": 1234,
        "name": "MALWARE_OBJECT",
        "severity": "MAJR",
        "product": "MAS",
    }
    report_path = make_tmp_file(
        data={"alert": [alert_entry], "appliance": "my_appliance"},
        tmpdir=tmpdir,
    )

    expected = {
        "hostname": "my_appliance",
        "analyzed_on": "2018-03-31 13:40:01 +0000",
        "severity": "MAJR",
        "alert": "Stuxnet",
        "alert_url": "https://foo",
    }
    assert FireEyeAXReport(report_path).metadata() == expected
def datasource(tmpdir) -> FireEyeAXReport:
    """Return a ``FireEyeAXReport`` built from ``make_default_file(tmpdir)``."""
    # NOTE(review): reads like a pytest fixture, but no decorator is visible
    # in this listing -- confirm against the original module.
    report_path = make_default_file(tmpdir)
    return FireEyeAXReport(report_path)
def test_no_events(data, tmpdir):
    """A report built from ``data`` must yield no events at all.

    ``data`` is supplied from outside this function (presumably a
    parametrization whose decorator is not shown in this listing).
    """
    report_path = make_tmp_file(data=data, tmpdir=tmpdir)
    # Materialise the iterable so the emptiness check sees every item.
    collected = list(FireEyeAXReport(report_path).events())
    assert collected == []
def test_no_data(tmpdir):
    """Constructing a report from a payload with no ``alert`` key must not raise.

    This is a smoke test with no assertion: it passes as long as the
    constructor tolerates a file holding only unrelated keys.
    """
    unrelated_payload = {"test": "fest"}
    report_path = make_tmp_file(data=unrelated_payload, tmpdir=tmpdir)
    FireEyeAXReport(report_path)
def test_multiple_time_formats(data, tmpdir):
    """Each supplied ``data`` variant must resolve ``base_timestamp`` to an int.

    ``data`` comes from outside this function (presumably a parametrization
    over timestamp formats; the decorator is not shown in this listing).
    """
    report_path = make_tmp_file(data=data, tmpdir=tmpdir)
    base_ts = FireEyeAXReport(report_path).base_timestamp
    assert isinstance(base_ts, int)